Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Holabuenas,

hoy los reyes magos me han dejado un regalito poco afortunado: me ha entrado el virusin este tan divertido: Virtumonde (creo que es, pues el Spybot es el unico que no me deja borrar).

El problema esta en que cada vez que abro cualquier cosa: firefox, msn, msconfig, etc. me salta un error del tipo:

firefox.exe - Imagen incorrecta
La aplicacion o DLL c:/windows/system32/wahewozi.dll no es una imagen valida de windows. Compruebe esto contra su disquete de instalacion.

Y al iniciar windows igual: cuando se ejecutan los programas iniciales...

La cual cosa es bastante horrible estar siempre con los errores.

He probado todo lo siguiente:

· scan de nod32
· spybot
· ccleaner
· regcleaner
· virtumonde fix

Y nada, el problema sigue...

Os agradeceria mucho si pudierais ayudarme, la verdad es que no me apetece nada formatear.

Gracias!

Hola Frionel bienvenido al foro

Realiza lo siguiente:

Descarga y actualiza pero no ejecutes aun:

• SUPERAntiSpyware Free + Manual
• MalwareBytes + (Manual)
• Ccleaner + Manual

Apaga restaurar sistema
Reinicia a Modo Prueba de Fallos (Modo Seguro)

Ejecuta en este orden
SuperAntispyware -----------> Previamente actualizado.
MalwareBytes -----> Previamente actualizado.


Reinicia en modo normal.

Ejecuta El Ccleaner para limpiar Cookies y Temporales, Luego el Limpia el Registro haciendo copia de seguridad
Haz un escaneo online con:

• Manual ewido online (lee el Manual ) Ewido online escaner Luego del Escaneo le das a Remove Infections
• Kaspersky (lee el Manual) Y nos Pegas ese nuevo Reporte de Kaspersky Aquí junto con el reporte de MalwareBytes.

Buenas,

tras el scaneo del malwarebytes han cesado los errores y se ha eliminado lo que se ejecutaba al iniciar windows y provocaba errores.

Aun asi os pasteo el log del scan (solo el del malwarebytes):

Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 2

06/01/2009 22:45:25
mbam-log-2009-01-06 (22-45-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 114443
Time elapsed: 26 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\javapukuvu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\14de6caa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\cpm17ed5f36 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\wahewozi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\wahewozi.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\levujiku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukijuvel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vavanoho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohonavav.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Javi\Configuración local\Archivos temporales de Internet\Content.IE5\UPKRI1S9\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP286\A0086598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP287\A0086703.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP287\A0086705.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP287\A0086724.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP289\A0086950.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP289\A0086962.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP289\A0086964.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP290\A0087004.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP290\A0087005.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP291\A0088041.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP291\A0088044.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP291\A0088045.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP291\A0088046.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP291\A0088047.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP291\A0088048.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP291\A0088127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088331.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088431.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088433.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP292\A0088462.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP293\A0088503.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP293\A0088504.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14C004A5-1DD0-484C-B51D-C5F667C04D4E}\RP293\A0088505.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fawedevi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\golopate.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lobuzosi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\makezimu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wahewozi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuduzuli.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zuvifobi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

---

MUchas gracias y un saludo

El problema se soluciono?

Pues eso creo, de momento no me ha aparecido ningun tipo de señal de vida mas del virus.

El malwarebyte me funciono perfectamente.

Gracias :)